The procedure, in outline:
1. Generate a random token in Java and keep the server-side copy in the session (the interceptor in step 3 later hands a fresh one back in an HTTP response header)
// a 32-character random token; the session holds the copy the interceptor will compare against
String token = IdentityUtil.uuid32();
getRequest().getSession().setAttribute("server_token", token);
2. Put the generated token into a hidden field,
// the token is 32 hex characters, so it can be placed in the attribute as-is
String html = "<input type=\"hidden\" id=\"puff_beetl_client_token\" name=\"puff_beetl_client_token\" autocomplete=\"off\" value=\"" + token + "\" />";
try {
    // write the field into the rendered template output (Beetl tag context)
    ctx.byteWriter.writeString(html);
} catch (IOException e) {
    e.printStackTrace();
}
and output it to the page;
3. Write an interceptor that matches the token sent by the page against the token generated in Java;
public void intercept(DispatcherExecutor executor) {
    // take the server copy out of the session first: whether or not the check passes,
    // this particular token can never be accepted again
    String server_token = PuffContext.removeSessionAttr("server_token");
    // the page sends its copy in a request header (see step 4)
    String client_token = PuffContext.getRequest().getHeader("Puff-ClientToken");
    if (StringUtil.empty(server_token) || StringUtil.empty(client_token) || !server_token.equals(client_token)) {
        if (PuffContext.ajax()) {
            RetMsg msg = RetMsg.error(RetCode.ILLEGAL_SUBMIT, "Illegal form submission!");
            PuffContext.getResponse().setHeader("illegal_submit", "yes");
            executor.setResult(ViewFactory.json(msg));
        } else {
            // a non-AJAX request aborts here, so the token rotation below does not run for it
            throw new IllegalArgumentException("Illegal form submission!");
        }
    } else {
        executor.execute();
    }
    // matched (or rejected over AJAX): issue a fresh token to the session and to the page
    // via a response header, so the same form cannot be submitted twice
    String token = IdentityUtil.uuid32();
    PuffContext.setSessionAttribute("server_token", token);
    PuffContext.getResponse().setHeader("server_token", token);
}
4. The page
var flag = true; // set before the request; false means the submit failed and the token must be refreshed
$.ajax({
    url: "${ctxPath}/xx",
    data: $('#form').serialize(),
    type: "POST",
    dataType: "json", // was "datatype", which jQuery ignores
    beforeSend: function(request) {
        // send the hidden-field token in the HTTP header the interceptor reads
        request.setRequestHeader("Puff-ClientToken", $("#puff_beetl_client_token").val());
    },
    success: function(data) {
        if (data.code == "403") {
            // rejected by the interceptor (RetCode.ILLEGAL_SUBMIT); the server has already
            // issued a new token, so mark the submit as failed to pick it up in complete()
            flag = false;
            layer.close(index); // index: the loading layer opened before the request (page library)
            Popbox.sureWithBtn(data.msg);
        } else {
            var msg = JSON.parse(data.msg); // parse the nested result instead of eval()-ing it
            var code = msg.code;
            if (code == "success") { // assumption: the success code the handler returns; adjust to match RetCode
                layer.close(index);
                window.location.href = "${ctxPath}/success";
            } else {
                flag = false;
                layer.close(index);
                Popbox.sureWithBtn(msg.message);
            }
        }
    },
    complete: function(request) {
        // on success the page navigates away, so only a failed submit copies the
        // rotated token from the response header back into the hidden field
        if (!flag) {
            $("#puff_beetl_client_token").val(request.getResponseHeader("server_token"));
        }
    },
    error: function() {
        layer.close(index);
    }
});